Redirect Removal
THREAT REMOVAL Redirect Removal

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading... imageThe article will help you to remove effectively. Follow the browser hijacker removal instructions at the end of this article.

A dangerous browser hijacker called has been found to infect computer users worldwide. The victims report serious security and privacy issues when accessing the malicious service. It is linked with other criminal services that are used to harvest sensitive data from the victims.

Threat Summary
TypeBrowser Hijacker, PUP
Short DescriptionEvery browser application which is on your computer will get affected. The hijacker can redirect you and show you lots of advertisements.
SymptomsBrowser settings that get changed are the start page, search engine and the new tab page.
Distribution MethodFreeware Installations, Bundled Packages
Detection Tool See If Your System Has Been Affected by


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss – Delivery Methods

Users can get infected with the redirect by falling victim into one of the many distribution options available. Most of them are related to browser hijacker infections. They are malicious extensions made for the most popular web browsers: Mozilla Firefox, Google Chrome, Safari, Internet Explorer and Microsoft Edge. Once infected with them the victims may find that essential settings have been modified by the malware. Some of the most obvious changes include the default home page, new tabs page and search engine. Other dangers include the following:

  • Information Harvesting ‒ The browser hijackers have the ability to extract sensitive information from the web browsers. This includes form data, bookmarks, history, stored account credentials, settings and passwords.
  • Additional Malware Infection ‒ In many cases browser hijackers can lead to malicious virus infections as well.
  • System Changes ‒ The application can modify essential system settings as well which can cause performance or stability issues. infections can also be caused by web scripts and other related malware. Another method involves the use of infected files, popular strategies include documents and software installers. They contain scripts and code that leads to the installation of the redirect. The documents themselves can be any of the popular office types (rich text documents, spreadsheets or databases) and when they are run built-in macro commands are activated that download the to the victim computer. Software installers on the other hand can be of different types. The majority of them are hacker-modified applications downloaded from their official sources. They are configured to include the malware code that leads to a successful infection. Such samples are then spread on fake download portals or P2P networks like BitTorrent where pirate content is usually found. Web scripts, ad networks and other malware can also lead to infections. – In-Depth Overview

Once the infection is established on the victim computers the users will find that their browsers are constantly redirected to one of the domains associated with the threat ‒ or They feature the same design, a web page that shows a familiar looking interface. The web page is made up of several elements:

  • Top Menu Bar ‒ Shows a small search box, links to popular services and the the title of the site “Free Live Radio”.
  • Search Engine ‒ The main element of the site shows a search engine box that is placed in the center. Underneath it are placed large buttons to some of the most widely used web sites, along with an option to hide them.
  • Bottom Menu ‒ It shows text links that lead to the Privacy policy, terms of use, contact and other related pages.

The aim of the hackers is to manipulate the victims into using the site in any way possible. All interactions are recorded and the fact that most of the redirects are caused by browser hijackers operated by the same operators or their affiliates.

The fact that the website is designed to look like a legitimate search engine or an Internet portal shows that the operators have a malicious intent in this case. We have detected that merely visiting the home page without interacting with any of the links still leads to the delivery of many cookies. As a result every victim is assigned a unique infection ID that tracks the interaction of every user and starts to build a database of all collected data. coookies

We have uncovered that the site is operated by Polarity a well-known company that operates a lot of similar sites. As it is part of a large network we suspect that the site is part of their information collection scheme. If the users use several sites operated by Polarity the hackers will be able to collect more information about them. This is one of the reasons why the search engine relies on a custom Yahoo-powered link.

When the users search for something using the box they will be shown inaccurate results. They may come across several different types of links:

  • Polarity Powered Affiliate Sites ‒ The company may opt to place a preference on their own sites. By folowing such links the victims will find themselves in a loop of similar sites that all track their behavior and harvest sensitive data.
  • Affiliate Links ‒ Such sites are shown to the users based on a deal made by the site operators and ad networks. The site gains income based on site interaction with these sites.
  • Search Engine Sponsored Sites ‒ These site results generate income for the search engine itself.

As you can see best or relevant results are not among the priority list. As a consequence it is possible to infect the victims with dangerous viruses or ransomware by interacting with malicious sites. Hackers frequently utilize such sites to spread new malware samples. – Privacy Policy

The privacy policy and the terms are accessible from the bottom navigation menu found on the home page. The privacy policy shows that the redirect is operated by a Cyprus-based company called Polarity Technologies Ltd.. It is accessible from the footer link and provides a list of the dangers involved. According to the document the potential problems encompass all accessible services – this means that if the victims follow any of the links then they will continue to abide by the policy. Here is a list of the privacy issues as outlined by the document:

  • Treaty Acceptance – The user automatically agrees to abide by the terms outlined in the privacy policy at the moment the website and associated services are accessed.
  • Data Collection – The company enforces data collection on the site, both personally-identifiable and anonymous usage. The user consents to the fact that this includes all search queries and recorded information that can lead to the discovery of the victim’s personal data: name, mailing address, telephone number, social security number, driver’s license or other ID. Every visitor is logged with a unique ID. Statistical information includes the type of web browser, resolution, browser settings and other related data. Beware that the site operators also have access to the information regarding the potential geographical location and Internet Service Provider.
  • Data Disclosure – The service operators may disclose the collected data to third-party companies, partners and affiliates.
  • User Tracking – The users are automatically assigned a tracking cookie which can record all interactions with the service.

The company’s address is listed as the following:

Polarity Technologies LTD
Nora Court, 3rd floor, office 301
Limassol, Cyprus 3040

The same policy is applied to the site as well.

Remove Effectively

To remove manually from your computer, follow the step-by-step removal instructions provided below. In case the manual removal does not get rid of the hijacker redirect and its files completely, you should search for and remove any leftovers with an advanced anti-malware tool. Such a program can keep your computer safe in the future.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts - Website

Follow Me:
TwitterGoogle Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share